Am 14.01.19 um 19:00 schrieb Florian Westphal:
nft add chain raw prerouting "{type filter hook prerouting priority -300;}"
Hello
Thank you, this syntax solves the problem. Is it from a pure technical
Viewpoint of Packetfiltering ok, if I store all Chains in the same table,
like the sample below? This results in the easiest readable edition for me.
But in fact, it has to be ok.
nft add table ip filter
nft add chain ip filter raw "{ type filter hook prerouting priority -300;}"
nft add chain ip filter prerouting "{ type nat hook prerouting priority 0;}"
nft add chain ip filter input "{ type filter hook input priority 0; counter;}"
nft add chain ip filter output "{ type filter hook output priority 0; counter;}"
nft add chain ip filter forward "{ type filter hook prerouting priority 0; counter;}"
nft add chain ip filter postrouting "{ type nat hook postrouting priority 100;}"
Best regards
Tom
